A new campaign has emerged that weaponizes Microsoft’s familiar branding to lure unsuspecting users into a sophisticated tech support scam.
Victims receive a seemingly legitimate email, complete with Microsoft’s official logo, claiming there is an important financial transaction or security alert requiring immediate attention.
The message prompts recipients to click a link under the guise of confirming identity or resolving an urgent issue.
Cofense analysts noted that the threat actors have refined their social engineering tactics by combining payment lures with deceptive UI overlays to maximize impact.
Upon clicking the link, users are redirected through a faux CAPTCHA challenge designed to mimic a trusted verification process.
Redirect Page (Source: Cofense)
When the victim completes the verification, they are led to a landing page where the browser appears locked by multiple pop-up windows styled after genuine Microsoft security alerts.
Email Body (Source: Cofense)
The attacker's goal is to create a sense of panic, convincing the user that their system is compromised and no longer usable.
In many cases, the scam culminates in a displayed support phone number claiming to be Microsoft’s helpline.
When the victim dials, they connect to a malicious actor posing as a support technician.
Under the pretext of resolving the infection, the scammer persuades the target to divulge their Microsoft account credentials or to install a remote desktop tool to "repair" the system, thereby handing the attacker full control of the victim's machine.
Infection Mechanism
The chain observed by Cofense consists of URLs that serve as redirectors and payload hosts. The initial redirector URLs include:
hxxps://alphadogprinting.com/index.php?8jl9lz
hxxps://amormc.com/index.php?ndv5f1
These URLs funnel victims through the CAPTCHA page before landing on the overlay server. The payload URLs, such as:
hxxps://my.toruftuiov.com/9397b37a-50c4-48c0-899d-f5e87a24088d
hxxps://deprivy.stified.sbs/proc.php
host the scripts that manipulate the page DOM to block mouse interaction and display counterfeit alerts.
The browser lock is purely illusory and can be dismissed by pressing the ESC key, but few victims discover this before calling the number on screen.
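As an added example, not part of the article or of Cofense's report, the following Python script matches the redirector and overlay hosts listed above against proxy log lines and flags any client that went from a redirector to an overlay host, which is the point in the chain where the fake lock page is shown. The log line format, the sample lines and the "redirector"/"overlay" stage labels are constructed for illustration; substitute your own proxy or DNS log parser and the current indicator list.

```python
"""Added example (not from the article or Cofense): flag proxy log lines that
touch the redirector and overlay hosts listed in the article and rebuild the
redirector -> overlay chain per client. Log format and sample lines are
constructed for illustration."""
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Hosts taken from the URLs listed in the article. The stage labels are an
# assumption based on the article's description of the chain.
INDICATORS = {
    "alphadogprinting.com": "redirector",
    "amormc.com": "redirector",
    "my.toruftuiov.com": "overlay",
    "deprivy.stified.sbs": "overlay",
}

# Constructed sample proxy log: "<timestamp> <client_ip> <method> <url> <status>"
SAMPLE_LOG = """\
2024-06-01T09:12:01Z 10.0.0.15 GET https://alphadogprinting.com/index.php?8jl9lz 302
2024-06-01T09:12:02Z 10.0.0.15 GET https://my.toruftuiov.com/9397b37a-50c4-48c0-899d-f5e87a24088d 200
2024-06-01T09:12:03Z 10.0.0.15 GET https://www.deprivy.stified.sbs/proc.php 200
2024-06-01T09:13:40Z 10.0.0.22 GET https://example.com/ 200
2024-06-01T09:14:05Z 10.0.0.31 GET https://amormc.com/index.php?ndv5f1 302
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<client>\S+) (?P<method>\S+) (?P<url>\S+) (?P<status>\d{3})$"
)


def host_of(url):
    """Return the lowercase host of a URL; accepts defanged hxxp(s):// as well."""
    url = re.sub(r"^hxxp", "http", url, flags=re.IGNORECASE)
    return (urlsplit(url).hostname or "").lower()


def match_indicator(host):
    """Return the indicator domain matching host exactly or as a parent domain, else None."""
    for dom in INDICATORS:
        if host == dom or host.endswith("." + dom):
            return dom
    return None


def scan(log_text):
    """Parse log lines and return, in log order, the requests that hit an indicator."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that do not fit the assumed format
        dom = match_indicator(host_of(m["url"]))
        if dom:
            hits.append({"ts": m["ts"], "client": m["client"], "url": m["url"],
                         "indicator": dom, "stage": INDICATORS[dom]})
    return hits


def build_chains(hits):
    """Group hits per client, preserving the sequence of stages each client touched."""
    chains = defaultdict(list)
    for h in hits:
        chains[h["client"]].append(h["stage"])
    return dict(chains)


def complete_chains(chains):
    """Clients that hit a redirector and later an overlay host: they likely saw the fake lock page."""
    flagged = []
    for client, stages in chains.items():
        if "redirector" in stages:
            first = stages.index("redirector")
            if "overlay" in stages[first + 1:]:
                flagged.append(client)
    return sorted(flagged)


if __name__ == "__main__":
    found = scan(SAMPLE_LOG)
    for h in found:
        print(h["ts"], h["client"], h["stage"], h["indicator"])
    print("clients that reached the overlay stage:", complete_chains(build_chains(found)))
```

A client that only hit a redirector (10.0.0.31 in the sample) is worth a look but may have been stopped by the CAPTCHA gate or a content filter; a client that went on to an overlay host saw the lock screen and should be asked whether the phone number was called or a remote access tool was installed.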
By blending trusted logos with multiple redirect stages and UI deception, this campaign exemplifies an evolving threat that leverages brand familiarity to facilitate credential theft.
The post New Tech Support Scam with Microsoft’s Logo Tricks Users to Steal Login Credentials appeared first on Cyber Security News.